Skip to content

Unable to use "php<space>" #3812

New issue
New issue
Closed
#3735
Closed
Unable to use "php<space>"#3812
#3735
Labels
➕ False Positivev4 unix rceOne of the many reports on FPs with the new unix rce rules in v4
@Puvipavan

Description

@Puvipavan
Puvipavan
opened on Sep 3, 2024

Description

Unable to use anything that starts with php (Note the space after php).

How to reproduce the misbehavior (-> curl call)

curl -i "https://sandbox.coreruleset.org/?s=php%20"
curl -i "https://sandbox.coreruleset.org/?s=php%20something"

Your Environment

  • CRS version : v4.5.0
  • Paranoia level setting (e.g. PL1) : default
  • ModSecurity version (e.g., 2.9.6): 3.0.12
  • Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Openresty 1.21.4.4
  • Operating System and version: Ubuntu 22.04

Confirmation

  • I have removed any personal data (email addresses, IP addresses,
    passwords, domain names) from any logs posted.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ➕ False Positivev4 unix rceOne of the many reports on FPs with the new unix rce rules in v4

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions